Забавяне на компютъра

[vasilmihov]

Здравейте , от известно време наблюдавам забавяне на компютъра при стартиране и при отваряне на интернет страници. При пускане на клип онлайн има насичане , проблема не е в интернета защото с др лаптоп си върви добре.Това са резултатите от сканирането

 

 

2014/02/10 17:43:53 +0200 PC1123333 pc1 MESSAGE Starting database refresh

2014/02/10 17:44:03 +0200 PC1123333 pc1 MESSAGE Database refreshed successfully

 

 

 

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-02-2014

Ran by pc1 (administrator) on PC1123333 on 10-02-2014 22:31:22

Running from C:\Users\pc1\Desktop

Windows 7 Ultimate Service Pack 1 (X64) OS Language: Bulgarian

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(AMD) C:\Windows\system32\atiesrxx.exe

(AMD) C:\Windows\system32\atieclxx.exe

(Autodata Limited) C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe

() C:\ProgramData\DatacardService\HWDeviceService64.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

() C:\ProgramData\VIVACOM 3G USB Modem\OnlineUpdate\ouc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2278504 2011-10-14] (Realtek Semiconductor)

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2387752 2010-09-30] (Synaptics Incorporated)

HKLM-x32\...\Run: [bCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

HKU\S-1-5-21-3951854703-640708595-620863282-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)

HKU\S-1-5-21-3951854703-640708595-620863282-1000\...\Policies\system: [DisableLockWorkstation] 0

HKU\S-1-5-21-3951854703-640708595-620863282-1000\...\MountPoints2: {2381584a-9259-11e2-8e16-e0ca94e19ff0} - H:\AutoRun.exe

HKU\S-1-5-21-3951854703-640708595-620863282-1000\...\MountPoints2: {2381585b-9259-11e2-8e16-e0ca94e19ff0} - H:\AutoRun.exe

HKU\S-1-5-21-3951854703-640708595-620863282-1000\...\MountPoints2: {40e522f1-30c1-11e2-a9c3-e0ca94e19ff0} - H:\AutoRun.exe

HKU\S-1-5-21-3951854703-640708595-620863282-1000\...\MountPoints2: {53dd3296-7831-11e2-aa98-e0ca94e19ff0} - G:\Inst.exe

HKU\S-1-5-21-3951854703-640708595-620863282-1000\...\MountPoints2: {8d90d8ca-10a0-11e2-be1c-e0ca94e19ff0} - G:\AutoRun.exe

HKU\S-1-5-21-3951854703-640708595-620863282-1000\...\MountPoints2: {8d90d8dd-10a0-11e2-be1c-e0ca94e19ff0} - H:\AutoRun.exe

HKU\S-1-5-21-3951854703-640708595-620863282-1000\...\MountPoints2: {aae81318-91ee-11e2-9854-e0ca94e19ff0} - H:\AutoRun.exe

HKU\S-1-5-21-3951854703-640708595-620863282-1000\...\MountPoints2: {aae81336-91ee-11e2-9854-e0ca94e19ff0} - H:\AutoRun.exe

HKU\S-1-5-21-3951854703-640708595-620863282-1000\...\MountPoints2: {aae81364-91ee-11e2-9854-e0ca94e19ff0} - H:\AutoRun.exe

HKU\S-1-5-21-3951854703-640708595-620863282-1000\...\MountPoints2: {b017f233-e98d-11e2-b241-e0ca94e19ff0} - H:\AutoRun.exe

HKU\S-1-5-21-3951854703-640708595-620863282-1000\...\MountPoints2: {e7868358-918e-11e2-ab1d-e0ca94e19ff0} - I:\AutoRun.exe

HKU\S-1-5-21-3951854703-640708595-620863282-1000\...\MountPoints2: {e786836c-918e-11e2-ab1d-e0ca94e19ff0} - H:\AutoRun.exe

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5F5A9E22169CCD01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = bg-BG

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - {EDF963C7-D045-4A14-8944-E889E0E6CD25} URL = http://www.mysearchresults.com/search?c=3523&t=01&q={searchTerms}

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: CGMFragment Class - {0695F52A-89A2-4246-81B5-AFAD2D3B865F} - C:\Program Files (x86)\Ematek\MetaWeb\MetaBHO.dll ()

BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO-x32: WebCGMHlprObj Class - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\Windows\SysWOW64\cgmopenbho.dll (CGM Open Consortium, Inc.)

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM-x32 - VideoDownloadConverter - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll No File

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{68329BAA-58A1-41E8-82B3-0CD8FF13112A}: [NameServer]212.39.90.42 212.39.90.43

Tcpip\..\Interfaces\{C105DB8B-578E-4900-8490-E7400F1B18D5}: [NameServer]212.39.90.42 212.39.90.43

Tcpip\..\Interfaces\{FDA2D1B6-5B09-419F-A793-DE955FE1B9AE}: [NameServer]212.39.90.42 212.39.90.43

 

FireFox:

========

FF ProfilePath: C:\Users\pc1\AppData\Roaming\Mozilla\Firefox\Profiles\k2j7d578.default

FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");

FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");

FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");

FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @VideoDownloadConverter_4z.com/Plugin - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll No File

FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\911bg.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\diribg.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\pe-bg.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\portalbgdict.xml

FF Extension: Default Tab - C:\Users\pc1\AppData\Roaming\Mozilla\Firefox\Profiles\k2j7d578.default\Extensions\addon@defaulttab.com.xpi [2013-11-17]

FF Extension: Torntv 2 - C:\Users\pc1\AppData\Roaming\Mozilla\Firefox\Profiles\k2j7d578.default\Extensions\torntv2@torntv.com.xpi [2013-06-11]

FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox

FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox

 

Chrome: 

=======

CHR HomePage: hxxp://www.google.bg/

CHR DefaultSearchKeyword: search here

CHR DefaultSearchProvider: Search Here

CHR DefaultSearchURL: http://www.mysearchresults.com/search?c=3523&t=01&q={searchTerms}

CHR DefaultNewTabURL: 

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll ()

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File

CHR Plugin: (Java Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll No File

CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File

CHR Extension: (Google Wallet) - C:\Users\pc1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]

CHR HKLM-x32\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files (x86)\DefaultTab\DefaultTab.crx [2013-08-24]

CHR HKLM-x32\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - C:\Program Files (x86)\TornTV.com\torn2_10.crx [2013-08-24]

 

==================== Services (Whitelisted) =================

 

R2 Autodata Limited License Service; C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe [72704 2013-05-11] (Autodata Limited)

R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)

R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)

S2 VIVACOM 3G USB Modem. RunOuc; C:\Program Files (x86)\VIVACOM 3G USB Modem\UpdateDog\ouc.exe [655712 2013-03-21] ()

 

==================== Drivers (Whitelisted) ====================

 

R3 AR5416; C:\Windows\System32\DRIVERS\athwx.sys [2716768 2010-11-05] (Atheros Communications, Inc.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-02-16] (DT Soft Ltd)

S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [238080 2013-03-21] (Huawei Technologies Co., Ltd.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)

S3 Tosrfcom; No ImagePath

S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

S3 Ser2pl; system32\DRIVERS\ser2pl64.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-02-10 22:31 - 2014-02-10 22:32 - 00015539 _____ () C:\Users\pc1\Desktop\FRST.txt

2014-02-10 22:31 - 2014-02-10 22:31 - 00000000 ____D () C:\FRST

2014-02-10 22:29 - 2014-02-10 22:29 - 02150400 _____ (Farbar) C:\Users\pc1\Desktop\FRST64.exe

2014-02-10 18:47 - 2014-02-10 18:48 - 04721920 _____ (Piriform Ltd) C:\Users\pc1\Downloads\ccsetup410.exe

2014-02-08 20:23 - 2014-02-08 20:24 - 00016384 ___SH () C:\Users\pc1\Downloads\Thumbs.db

2014-02-02 19:40 - 2014-02-02 19:44 - 117359576 _____ (Acresso Software Inc. ) C:\Users\pc1\Downloads\GTS_V8.11.006_NDSI.exe

2014-01-18 17:17 - 2014-01-18 17:27 - 00000000 ____D () C:\Users\pc1\Desktop\izpit

2014-01-15 20:35 - 2013-11-27 03:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys

2014-01-15 20:35 - 2013-11-27 03:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys

2014-01-15 20:35 - 2013-11-27 03:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys

2014-01-15 20:35 - 2013-11-27 03:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys

2014-01-15 20:35 - 2013-11-27 03:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys

2014-01-15 20:35 - 2013-11-27 03:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys

2014-01-15 20:35 - 2013-11-27 03:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys

2014-01-15 20:35 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys

2014-01-15 20:35 - 2013-11-26 12:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

 

==================== One Month Modified Files and Folders =======

 

2014-02-10 22:32 - 2014-02-10 22:31 - 00015539 _____ () C:\Users\pc1\Desktop\FRST.txt

2014-02-10 22:31 - 2014-02-10 22:31 - 00000000 ____D () C:\FRST

2014-02-10 22:31 - 2009-07-14 06:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-02-10 22:31 - 2009-07-14 06:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-02-10 22:29 - 2014-02-10 22:29 - 02150400 _____ (Farbar) C:\Users\pc1\Desktop\FRST64.exe

2014-02-10 22:28 - 2012-09-25 21:48 - 01340116 _____ () C:\Windows\WindowsUpdate.log

2014-02-10 22:24 - 2012-10-06 18:59 - 00000988 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-02-10 22:24 - 2010-11-21 05:47 - 00052204 _____ () C:\Windows\PFRO.log

2014-02-10 22:24 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-02-10 22:24 - 2009-07-14 06:51 - 00127521 _____ () C:\Windows\setupact.log

2014-02-10 22:23 - 2012-09-26 19:19 - 00000000 ____D () C:\Users\pc1\AppData\Roaming\uTorrent

2014-02-10 22:22 - 2013-04-24 22:36 - 00000000 ____D () C:\Program Files (x86)\BrowseToSave

2014-02-10 21:52 - 2012-09-28 22:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-02-10 21:42 - 2012-10-06 18:59 - 00000992 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-02-10 18:48 - 2014-02-10 18:47 - 04721920 _____ (Piriform Ltd) C:\Users\pc1\Downloads\ccsetup410.exe

2014-02-09 13:30 - 2013-11-17 17:19 - 00001140 __RSH () C:\Users\pc1\ntuser.pol

2014-02-09 13:30 - 2012-09-26 06:07 - 00000000 ____D () C:\Users\pc1

2014-02-08 21:04 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries

2014-02-08 20:55 - 2012-12-25 19:30 - 00000000 ____D () C:\Users\pc1\Desktop\Joanka

2014-02-08 20:36 - 2012-10-06 18:59 - 00003988 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-02-08 20:36 - 2012-10-06 18:59 - 00003736 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-02-08 20:24 - 2014-02-08 20:23 - 00016384 ___SH () C:\Users\pc1\Downloads\Thumbs.db

2014-02-08 02:53 - 2013-01-12 17:27 - 00000000 ____D () C:\Users\pc1\AppData\Roaming\vlc

2014-02-05 22:52 - 2012-09-28 22:00 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-02-05 22:52 - 2012-09-28 22:00 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-02-05 22:52 - 2012-09-28 22:00 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-02-02 19:44 - 2014-02-02 19:40 - 117359576 _____ (Acresso Software Inc. ) C:\Users\pc1\Downloads\GTS_V8.11.006_NDSI.exe

2014-02-02 11:04 - 2009-07-14 07:13 - 00726444 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-02-01 16:07 - 2013-03-22 20:38 - 00000000 ____D () C:\Users\pc1\Desktop\Toyota

2014-02-01 16:05 - 2013-09-07 12:34 - 00000000 ____D () C:\Users\pc1\Desktop\auto

2014-01-30 22:37 - 2013-04-06 20:30 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-01-30 22:37 - 2009-07-14 04:34 - 00000551 _____ () C:\Windows\win.ini

2014-01-23 21:01 - 2009-07-14 07:08 - 00032566 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-01-19 09:33 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-01-18 17:27 - 2014-01-18 17:17 - 00000000 ____D () C:\Users\pc1\Desktop\izpit

2014-01-17 20:54 - 2009-07-14 06:45 - 00416712 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-01-15 22:57 - 2013-08-13 22:40 - 00000000 ____D () C:\Windows\system32\MRT

2014-01-15 22:54 - 2012-09-26 20:34 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

 

Some content of TEMP:

====================

C:\Users\pc1\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe

C:\Users\pc1\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe

C:\Users\pc1\AppData\Local\Temp\Mobogenie_Setup_2-1-23_517.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-02-08 21:42

 

==================== End Of Log ============================

 

последния файл

Здравейте , от известно време наблюдавам забавяне на компютъра при стартиране и при отваряне на интернет страници. При пускане на клип онлайн има насичане , проблема не е в интернета защото с др лаптоп си върви добре.Това са резултатите от сканирането

Addition.txt

[Night_Raven]

Липсват основният дневник от FRST (копирал си само първите няколко реда) и дневникът от Malwarebytes Anti-Malware.

[vasilmihov]

Липсват основният дневник от FRST (копирал си само първите няколко реда) и дневникът от Malwarebytes Anti-Malware.

2014/02/10 17:43:53 +0200 PC1123333 pc1 MESSAGE Starting database refresh

2014/02/10 17:44:03 +0200 PC1123333 pc1 MESSAGE Database refreshed successfully

  

само това е от дневника на Malwarebytes Anti-Malware.

 

 

от FRST е това

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-02-2014

Ran by pc1 (administrator) on PC1123333 on 10-02-2014 22:31:22

Running from C:\Users\pc1\Desktop

Windows 7 Ultimate Service Pack 1 (X64) OS Language: Bulgarian

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(AMD) C:\Windows\system32\atiesrxx.exe

(AMD) C:\Windows\system32\atieclxx.exe

(Autodata Limited) C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe

() C:\ProgramData\DatacardService\HWDeviceService64.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

() C:\ProgramData\VIVACOM 3G USB Modem\OnlineUpdate\ouc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2278504 2011-10-14] (Realtek Semiconductor)

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2387752 2010-09-30] (Synaptics Incorporated)

HKLM-x32\...\Run: [bCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

HKU\S-1-5-21-3951854703-640708595-620863282-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)

HKU\S-1-5-21-3951854703-640708595-620863282-1000\...\Policies\system: [DisableLockWorkstation] 0

HKU\S-1-5-21-3951854703-640708595-620863282-1000\...\MountPoints2: {2381584a-9259-11e2-8e16-e0ca94e19ff0} - H:\AutoRun.exe

HKU\S-1-5-21-3951854703-640708595-620863282-1000\...\MountPoints2: {2381585b-9259-11e2-8e16-e0ca94e19ff0} - H:\AutoRun.exe

HKU\S-1-5-21-3951854703-640708595-620863282-1000\...\MountPoints2: {40e522f1-30c1-11e2-a9c3-e0ca94e19ff0} - H:\AutoRun.exe

HKU\S-1-5-21-3951854703-640708595-620863282-1000\...\MountPoints2: {53dd3296-7831-11e2-aa98-e0ca94e19ff0} - G:\Inst.exe

HKU\S-1-5-21-3951854703-640708595-620863282-1000\...\MountPoints2: {8d90d8ca-10a0-11e2-be1c-e0ca94e19ff0} - G:\AutoRun.exe

HKU\S-1-5-21-3951854703-640708595-620863282-1000\...\MountPoints2: {8d90d8dd-10a0-11e2-be1c-e0ca94e19ff0} - H:\AutoRun.exe

HKU\S-1-5-21-3951854703-640708595-620863282-1000\...\MountPoints2: {aae81318-91ee-11e2-9854-e0ca94e19ff0} - H:\AutoRun.exe

HKU\S-1-5-21-3951854703-640708595-620863282-1000\...\MountPoints2: {aae81336-91ee-11e2-9854-e0ca94e19ff0} - H:\AutoRun.exe

HKU\S-1-5-21-3951854703-640708595-620863282-1000\...\MountPoints2: {aae81364-91ee-11e2-9854-e0ca94e19ff0} - H:\AutoRun.exe

HKU\S-1-5-21-3951854703-640708595-620863282-1000\...\MountPoints2: {b017f233-e98d-11e2-b241-e0ca94e19ff0} - H:\AutoRun.exe

HKU\S-1-5-21-3951854703-640708595-620863282-1000\...\MountPoints2: {e7868358-918e-11e2-ab1d-e0ca94e19ff0} - I:\AutoRun.exe

HKU\S-1-5-21-3951854703-640708595-620863282-1000\...\MountPoints2: {e786836c-918e-11e2-ab1d-e0ca94e19ff0} - H:\AutoRun.exe

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5F5A9E22169CCD01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = bg-BG

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - {EDF963C7-D045-4A14-8944-E889E0E6CD25} URL = http://www.mysearchresults.com/search?c=3523&t=01&q={searchTerms}

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: CGMFragment Class - {0695F52A-89A2-4246-81B5-AFAD2D3B865F} - C:\Program Files (x86)\Ematek\MetaWeb\MetaBHO.dll ()

BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO-x32: WebCGMHlprObj Class - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\Windows\SysWOW64\cgmopenbho.dll (CGM Open Consortium, Inc.)

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM-x32 - VideoDownloadConverter - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll No File

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{68329BAA-58A1-41E8-82B3-0CD8FF13112A}: [NameServer]212.39.90.42 212.39.90.43

Tcpip\..\Interfaces\{C105DB8B-578E-4900-8490-E7400F1B18D5}: [NameServer]212.39.90.42 212.39.90.43

Tcpip\..\Interfaces\{FDA2D1B6-5B09-419F-A793-DE955FE1B9AE}: [NameServer]212.39.90.42 212.39.90.43

 

FireFox:

========

FF ProfilePath: C:\Users\pc1\AppData\Roaming\Mozilla\Firefox\Profiles\k2j7d578.default

FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");

FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");

FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");

FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @VideoDownloadConverter_4z.com/Plugin - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll No File

FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\911bg.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\diribg.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\pe-bg.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\portalbgdict.xml

FF Extension: Default Tab - C:\Users\pc1\AppData\Roaming\Mozilla\Firefox\Profiles\k2j7d578.default\Extensions\addon@defaulttab.com.xpi [2013-11-17]

FF Extension: Torntv 2 - C:\Users\pc1\AppData\Roaming\Mozilla\Firefox\Profiles\k2j7d578.default\Extensions\torntv2@torntv.com.xpi [2013-06-11]

FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox

FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox

 

Chrome: 

=======

CHR HomePage: hxxp://www.google.bg/

CHR DefaultSearchKeyword: search here

CHR DefaultSearchProvider: Search Here

CHR DefaultSearchURL: http://www.mysearchresults.com/search?c=3523&t=01&q={searchTerms}

CHR DefaultNewTabURL: 

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll ()

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File

CHR Plugin: (Java Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll No File

CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File

CHR Extension: (Google Wallet) - C:\Users\pc1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]

CHR HKLM-x32\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files (x86)\DefaultTab\DefaultTab.crx [2013-08-24]

CHR HKLM-x32\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - C:\Program Files (x86)\TornTV.com\torn2_10.crx [2013-08-24]

 

==================== Services (Whitelisted) =================

 

R2 Autodata Limited License Service; C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe [72704 2013-05-11] (Autodata Limited)

R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)

R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)

S2 VIVACOM 3G USB Modem. RunOuc; C:\Program Files (x86)\VIVACOM 3G USB Modem\UpdateDog\ouc.exe [655712 2013-03-21] ()

 

==================== Drivers (Whitelisted) ====================

 

R3 AR5416; C:\Windows\System32\DRIVERS\athwx.sys [2716768 2010-11-05] (Atheros Communications, Inc.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-02-16] (DT Soft Ltd)

S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [238080 2013-03-21] (Huawei Technologies Co., Ltd.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)

S3 Tosrfcom; No ImagePath

S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

S3 Ser2pl; system32\DRIVERS\ser2pl64.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-02-10 22:31 - 2014-02-10 22:32 - 00015539 _____ () C:\Users\pc1\Desktop\FRST.txt

2014-02-10 22:31 - 2014-02-10 22:31 - 00000000 ____D () C:\FRST

2014-02-10 22:29 - 2014-02-10 22:29 - 02150400 _____ (Farbar) C:\Users\pc1\Desktop\FRST64.exe

2014-02-10 18:47 - 2014-02-10 18:48 - 04721920 _____ (Piriform Ltd) C:\Users\pc1\Downloads\ccsetup410.exe

2014-02-08 20:23 - 2014-02-08 20:24 - 00016384 ___SH () C:\Users\pc1\Downloads\Thumbs.db

2014-02-02 19:40 - 2014-02-02 19:44 - 117359576 _____ (Acresso Software Inc. ) C:\Users\pc1\Downloads\GTS_V8.11.006_NDSI.exe

2014-01-18 17:17 - 2014-01-18 17:27 - 00000000 ____D () C:\Users\pc1\Desktop\izpit

2014-01-15 20:35 - 2013-11-27 03:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys

2014-01-15 20:35 - 2013-11-27 03:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys

2014-01-15 20:35 - 2013-11-27 03:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys

2014-01-15 20:35 - 2013-11-27 03:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys

2014-01-15 20:35 - 2013-11-27 03:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys

2014-01-15 20:35 - 2013-11-27 03:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys

2014-01-15 20:35 - 2013-11-27 03:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys

2014-01-15 20:35 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys

2014-01-15 20:35 - 2013-11-26 12:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

 

==================== One Month Modified Files and Folders =======

 

2014-02-10 22:32 - 2014-02-10 22:31 - 00015539 _____ () C:\Users\pc1\Desktop\FRST.txt

2014-02-10 22:31 - 2014-02-10 22:31 - 00000000 ____D () C:\FRST

2014-02-10 22:31 - 2009-07-14 06:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-02-10 22:31 - 2009-07-14 06:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-02-10 22:29 - 2014-02-10 22:29 - 02150400 _____ (Farbar) C:\Users\pc1\Desktop\FRST64.exe

2014-02-10 22:28 - 2012-09-25 21:48 - 01340116 _____ () C:\Windows\WindowsUpdate.log

2014-02-10 22:24 - 2012-10-06 18:59 - 00000988 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-02-10 22:24 - 2010-11-21 05:47 - 00052204 _____ () C:\Windows\PFRO.log

2014-02-10 22:24 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-02-10 22:24 - 2009-07-14 06:51 - 00127521 _____ () C:\Windows\setupact.log

2014-02-10 22:23 - 2012-09-26 19:19 - 00000000 ____D () C:\Users\pc1\AppData\Roaming\uTorrent

2014-02-10 22:22 - 2013-04-24 22:36 - 00000000 ____D () C:\Program Files (x86)\BrowseToSave

2014-02-10 21:52 - 2012-09-28 22:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-02-10 21:42 - 2012-10-06 18:59 - 00000992 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-02-10 18:48 - 2014-02-10 18:47 - 04721920 _____ (Piriform Ltd) C:\Users\pc1\Downloads\ccsetup410.exe

2014-02-09 13:30 - 2013-11-17 17:19 - 00001140 __RSH () C:\Users\pc1\ntuser.pol

2014-02-09 13:30 - 2012-09-26 06:07 - 00000000 ____D () C:\Users\pc1

2014-02-08 21:04 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries

2014-02-08 20:55 - 2012-12-25 19:30 - 00000000 ____D () C:\Users\pc1\Desktop\Joanka

2014-02-08 20:36 - 2012-10-06 18:59 - 00003988 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-02-08 20:36 - 2012-10-06 18:59 - 00003736 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-02-08 20:24 - 2014-02-08 20:23 - 00016384 ___SH () C:\Users\pc1\Downloads\Thumbs.db

2014-02-08 02:53 - 2013-01-12 17:27 - 00000000 ____D () C:\Users\pc1\AppData\Roaming\vlc

2014-02-05 22:52 - 2012-09-28 22:00 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-02-05 22:52 - 2012-09-28 22:00 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-02-05 22:52 - 2012-09-28 22:00 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-02-02 19:44 - 2014-02-02 19:40 - 117359576 _____ (Acresso Software Inc. ) C:\Users\pc1\Downloads\GTS_V8.11.006_NDSI.exe

2014-02-02 11:04 - 2009-07-14 07:13 - 00726444 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-02-01 16:07 - 2013-03-22 20:38 - 00000000 ____D () C:\Users\pc1\Desktop\Toyota

2014-02-01 16:05 - 2013-09-07 12:34 - 00000000 ____D () C:\Users\pc1\Desktop\auto

2014-01-30 22:37 - 2013-04-06 20:30 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-01-30 22:37 - 2009-07-14 04:34 - 00000551 _____ () C:\Windows\win.ini

2014-01-23 21:01 - 2009-07-14 07:08 - 00032566 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-01-19 09:33 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-01-18 17:27 - 2014-01-18 17:17 - 00000000 ____D () C:\Users\pc1\Desktop\izpit

2014-01-17 20:54 - 2009-07-14 06:45 - 00416712 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-01-15 22:57 - 2013-08-13 22:40 - 00000000 ____D () C:\Windows\system32\MRT

2014-01-15 22:54 - 2012-09-26 20:34 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

 

Some content of TEMP:

====================

C:\Users\pc1\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe

C:\Users\pc1\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe

C:\Users\pc1\AppData\Local\Temp\Mobogenie_Setup_2-1-23_517.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-02-08 21:42

 

==================== End Of Log ============================

Това е целия файл FRST , незнам защо не се копира 

FRST.txt

[Night_Raven]

Не е възможно да е само това. Изпълни инструкциите както трябва.

[vasilmihov]

Дневника на  Malwarebytes Anti-Malware.

 

 

2014/02/11 11:35:04 +0200 PC1123333 pc1 MESSAGE Starting database refresh

2014/02/11 11:35:11 +0200 PC1123333 pc1 MESSAGE Database refreshed successfully

 

Давам двата файла , и този който излиза след сканирането и този от дневника.

 

 

 

След сканирането с Farbar Recovery Scan Tool  

има само един файл FRST

 

 

Не знам защо не мога да копирам цялото съдържание и затова ги прикрепям , мога да добавя като други проблеми на лаптопа   1.като вкл мишката и много бавно я разпознава (около минута )

  2,ако го оставя да "заспи" и след това блокира и трябва да го спирам от бутона(интересно е , че не го прави всеки път някога се "събужда")

protection-log-2014-02-11.txt

mbam-log-2014-02-11 (11-35-24).txt

FRST.txt

[Night_Raven]

Не виждам нищо опасно. Има излишни неща, но дотам. Ако ти се занимава, направи следното...

 

Деинсталирай следните приложения:

- Desk 365;

- Omiga Plus;

- BrowseToSave;

- Search Assistant WebSearch;

- McAfee Security Scan Plus.

 

След като ги деинсталираш, изпълни следното...

 

Изтегли AdwCleaner и го запази на работния плот. Стартирай го и кликни бутон Scan. Изчакай да се сканира, след което кликни бутон Clean. Потвърди с OK на всички прозорци, което ще доведе до рестарт на системата. След рестарта ще се отвори текстов файл. Моля, копирай съдържанието му тук.

[vasilmihov]

Първите две приложения не мога да ги намеря и не съм ги деинсталирал , да правя ли сканиране с AdwCleaner?

[Night_Raven]

Да.

[vasilmihov]

# AdwCleaner v3.018 - Report created 11/02/2014 at 22:16:22

# Updated 28/01/2014 by Xplode

# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

# Username : pc1 - PC1123333

# Running from : C:\Users\pc1\Downloads\adwcleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Windows\SysWOW64\ARFC

Folder Deleted : C:\Windows\SysWOW64\jmdp

Folder Deleted : C:\Windows\System32\ARFC

Folder Deleted : C:\Users\pc1\AppData\Roaming\DefaultTab

Folder Deleted : C:\Users\pc1\AppData\Roaming\Omiga Plus

File Deleted : C:\Users\pc1\AppData\Roaming\Mozilla\Firefox\Profiles\k2j7d578.default\Extensions\addon@defaulttab.com.xpi

File Deleted : C:\Users\pc1\AppData\Roaming\Mozilla\Firefox\Profiles\k2j7d578.default\Extensions\torntv2@torntv.com.xpi

File Deleted : C:\Windows\System32\dmwu.exe

File Deleted : C:\Windows\System32\ImhxxpComm.dll

File Deleted : C:\Windows\System32\roboot64.exe

File Deleted : C:\Program Files (x86)\Mozilla Firefox\user.js

File Deleted : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser

File Deleted : C:\Windows\System32\Tasks\Omiga Plus RunAsStdUser

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]

Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FE1DEEEA-DB6D-44B8-83F0-34FC0F9D1052}]

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}

Key Deleted : HKCU\Software\DefaultTab

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKLM\Software\DefaultTab

Key Deleted : HKLM\Software\omigaplusSvc

Key Deleted : HKLM\Software\SProtector

Key Deleted : [x64] HKLM\SOFTWARE\IB Updater

Key Deleted : [x64] HKLM\SOFTWARE\wnlt

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.16428

 

 

-\\ Mozilla Firefox v25.0.1 (bg)

 

[ File : C:\Users\pc1\AppData\Roaming\Mozilla\Firefox\Profiles\k2j7d578.default\prefs.js ]

 

Line Deleted : user_pref("extentions.webcake.defaultEnableAppsList", "layers,brain/features,newOffers/wc");

Line Deleted : user_pref("extentions.webcake.installId", "c0e9d759-09fa-4d31-8df8-e04a8604df8e");

 

-\\ Google Chrome v32.0.1700.107

 

[ File : C:\Users\pc1\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [3236 octets] - [11/02/2014 22:07:47]

AdwCleaner[s0].txt - [3129 octets] - [11/02/2014 22:16:22]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3189 octets] ##########

 

AdwCleanerS0.txt

[Night_Raven]

Още ли има забавяне?

[vasilmihov]

Определено стана по-бърз , мишката я разпознава веднага , два пъти тествах заспиването и там няма проблеми.Благодаря много за помоща.

[Night_Raven]

В такъв случай можеш да стартираш отново AdwCleaner и да кликнеш бутон Uninstall.

 

Можеш също така да изтриеш FRST и създадените от него дневници и папка в дял C:\.